Technology

The Intensifying Scrutiny at Airports

June 04, 2002

In Steven Spielberg's upcoming movie, Minority Report, Tom Cruise plays a cop working for the mythical federal Precrime Dept. Through the use of mysterious techno-psychic powers, he and other sleuths are able to foretell murders -- and arrest perpetrators before they act. The plot thickens when the system identifies Cruise as a future killer, forcing him to elude capture until he proves his innocence.

While far out, the story does capture hopes and fears surrounding the deployment of new technologies aimed at making air travel more secure. Advocates of exhaustive screening envision an intelligent system that can more readily spot hijackers and terrorists -- and intercept them before they strike. Civil libertarians, by contrast, fear that with so much information on individuals at its disposal, the government will use this data in unforeseen -- and possibly unethical -- ways.

NEW ARM OF THE LAW. Airline security, including the use of biometrics (such as computerized facial recognition) to identify crews, airport employees, and "trusted travelers," is rapidly becoming the test bed for both camps. A system is rolling out that will make air travel one of the most intensely scrutinized -- some might say most thoroughly invaded -- pursuits in American life.

Leading the new effort is the Transportation Safety Administration (TSA), an arm of the U.S. Transportation Dept. The TSA was spawned after September 11 with a mandate to secure the domestic transportation system. And how well that works -- or doesn't -- could set the tone for numerous other security efforts in the post-September 11 era.

The TSA's initial priorities were to hire and train a new federal force of 30,000 airport-security employees and install thousands of new explosives-detection systems that could check every piece of luggage that goes on a plane at 429 major U.S. airports by yearend. The TSA's staff has been quietly working on a handful of screening programs that worry guardians of liberty, such as the American Civil Liberties Union (ACLU). Passengers could soon find themselves checked against a manifest that includes not only their name and seat assignment but also the photograph from their driver's license or passport. Or they could be scrutinized by facial-recognition systems designed to rout out known terrorists during boarding.

WHO SEES WHAT? No one objects to catching bad guys, of course, but such data-centric methods could scoop up a lot of others in the process. They might identify people who have routine relationships with terrorists -- folks who merely live in the same building or attend the same place of worship.

Since the TSA now holds jurisdiction over airport security, these programs and the information they assemble will end up within the feds' purview. Most likely, this data will be kept and evaluated in a central repository that's widely available to various agencies and subject to the normal leaks of government. The TSA hasn't yet said whether it will allow individuals to see what has been collected on them and contest or correct it.

The backbone of next-generation airport-screening technology will be CAPPS II (for computer-assisted passenger prescreening system). The first CAPPS system was developed in the early 1990s by Northwest Airlines to spot potential hijackers by examining a limited amount of data. The information gathered included such details as whether a ticket was paid for in cash, whether it was one-way, and how long before the date of departure it was purchased.

WATCHING EVERY STEP. CAPPS II will most likely make the old system look primitive. It will not only examine travel booking and payment information but it will also be much more tightly integrated with lists of terrorists and criminals that are kept by global and domestic law-enforcement agencies. In addition, CAPPS II will pull in data from banks, credit-reporting agencies, and other companies that aggregate personal information, including Experian, Acxiom (ACXM), and ChoicePoint (CPS), to name a few likely candidates.

The new CAPPS system will most likely be involved at every step a traveler takes. "A next-generation version would be enabled at all points of passenger processing: booking, ticketing, check-in, security screening, and aircraft boarding," Jim Dullum, managing director of Electronic Data Systems (EDS), testified before a panel of U.S. senators in April. Most important, CAPPS II will likely be run by a single agency -- probably the TSA -- and won't rely on individual airlines for technical support.

That makes sense to the technologists who are trying to build the system. A federal screening system would allow more-controlled access to data, they say. "The guy at the airport ticket counter might have one view. The FAA and the TSA might have another view. And you could build a strict audit trail of who sees what type of information," explains Steve Cooperman, Oracle's (ORCL) director of homeland-security solutions.

"Trusted travelers" could avoid serpentine lines at airports

What would make CAPPS II especially powerful would be its ability to incorporate exotic new technologies that look beyond obvious correlations. For example, Las-Vegas-based Systems Research & Development (SRD) already builds software that cross-references databases using "fuzzy logic" algorithms that can spot red flags -- such as social associations with known terrorists -- that the old CAPPS system might not have noticed.

DEEP BACKGROUND. SRD's strong ties with the casino industry might prove useful. "You may have a dealer at one of the places and find out their next-door neighbor is a known card cheat. That kind of logic applies very well to antiterrorism," explains Allen Shays, chief operating officer of the government systems division at data warehousing specialist NCR Teradata.

The TSA is also exploring how to weave biometric applications into CAPPS II via "trusted traveler" programs. With these, passengers would agree to biometric identification and undergo background checks to expedite their trips. They would still go through standard CAPPS II screening and mandatory baggage checks but could avoid the serpentine lines that will plague airports for some time.

Exactly what criteria will be used to establish who is a trusted traveler remains unclear. Some of the tech specialists involved with the TSA's efforts think a couple of fingerprints and a standard credit check combined with an FBI check would be sufficient. Others think the same criteria that are used for obtaining national security clearances should apply. That would mean a far more extensive and expensive check -- and require trusted traveler applicants to submit all 10 fingerprints.

FALSE SECURITY? While many business travelers would likely sign up for trusted-traveler clearance, "no program has taken off because the TSA needs to establish a criteria for trusted traveler and what privileges you would be granted," says Joseph Atick, the CEO of biometric company Visionics (VSNX). Not surprisingly, he's an advocate of both trusted-traveler programs and using biometrics for passenger screening.

The idea that a trusted-traveler program might be used by many millions of Americans troubles the ACLU on several counts. "The problem with trying to have the government identify some citizens as trusted leads to the possibility that some people who get these preferential security treatments will become security risks themselves," says Jay Stanley of the ACLU's Technology & Liberty Program. Obvious examples: Oklahoma City bomber Timothy McVeigh, who was a veteran of the Gulf war, and FBI agent Robert Hansen, who spied for Russia.

Equally troubling is the possibility that innocent people will be tagged as untrusted because of simple and legitimate associations with terrorist groups or other unsavory individuals. Further, Stanley worries about what will happen to all the information collected by CAPPS II. "It's offensive that private corporations and data aggregators are creating vast dossiers on the American people," he declares. "When you talk about the government doing that, it becomes even more serious and offensive."

HUSH-HUSH. Stanley also points out that using these databases to screen for terrorists is more problematic than screening for, say, credit scofflaws, since a relative paucity of good information on known terrorists is available.

To date, the TSA's new techno-security efforts remain largely in the pilot stage. The agency remains hush-hush, but insiders believe it will spend less than $100 million on CAPPS II -- a relatively small sum for such an ambitious project. The big push for tighter travel security should start this fall and continue through 2003.

Already, the TSA has awarded grants for pilot projects to four tech companies, says NCR Teradata's Shay. It isn't clear what the projects are, though. SRD and antifraud software company HNC Software (HNC), as well as systems integrator Accenture (ACN), declined to comment for this story. The ACLU seems to be uncharacteristically in the dark.

It appears, though, that CAPPS II has been cleared for takeoff. What remains is to see how well it flies in the eyes of a public that's facing stark choices on privacy vs. security. By Alex Salkever